CN106529953B - Method and device for risk identification of business attributes - Google Patents

Publication number: CN106529953B
Authority: CN (China)
Prior art keywords: service, risk, attribute, service attribute, identified
Legal status: Active (an assumption, not a legal conclusion)
Application number: CN201510587147.XA
Other languages: Chinese (zh)
Other versions: CN106529953A (en)
Inventor: 俞文明
Current Assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by: Alibaba Group Holding Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401: Transaction verification
    • G06Q20/4016: Transaction verification involving fraud or risk level assessment in transaction processing

Abstract

The application discloses a method for performing risk identification on service attributes, used to identify whether a service attribute is at risk. The method comprises: acquiring risk service attribute clusters, where each risk service attribute cluster is composed of service attributes that have an association relationship, and a single risk service attribute cluster contains at least one service attribute already identified as risky; acquiring a service attribute to be identified; judging, by a distributed parallel computing method, whether any service attribute contained in the acquired risk service attribute clusters is the same as the service attribute to be identified; and, when the result is yes, determining that the service attribute to be identified is at risk. The application also discloses a device for risk identification of service attributes.

Description

Method and device for risk identification of business attributes
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for performing risk identification on a service attribute.
Background
With the increasing maturity of internet technology, more and more services can be developed through the internet. For example, the user can complete services such as payment, shopping, viewing, entertainment and the like by sending a service request to the server; for another example, different servers having a cooperative working relationship may perform a certain service by transmitting a service instruction, for example, the merchant server may send a payment service instruction including order information such as the user's bank electronic account and the payment amount to the payment server, so that the payment server completes a deduction operation on the user's bank electronic account according to the order information; and so on. It should be noted that the service request sent by the user to the server, the service instruction passed between the servers, and any other service-related message may be collectively referred to as "service message".
Currently, in order to ensure network security and protect the interests of legitimate internet users, risk identification must be performed on service messages in the internet. Risk identification means recognizing the various risks that may be faced before a risk incident occurs; risk identification of a service message means using a risk identification method to identify whether the service attributes contained in the service message are at risk. A service attribute may be a user attribute related to a service. For example, in a shopping service, the service attributes contained in a service message transmitted between the merchant server and the payment server include: the user account, the Media Access Control (MAC) address used when the account was registered, the delivery address of the account, the bank card information associated with the account, and so on.
Generally, if a service attribute is at risk, processing a service message that contains it may lead to a bad outcome such as a risk incident. The value of risk identification is that, for a service message identified as possibly risky, the bad outcome can be avoided by intercepting, discarding or modifying that message.
For example, a typical scenario requiring risk identification of service attributes is as follows:
In order to raise the seller's credit rating, a seller on a shopping site may register multiple buyer accounts and use them to purchase goods in the seller's own shop. After the purchase, the seller does not actually ship the goods but only fakes the shipment, then uses the buyer accounts to confirm receipt and post high ratings for the goods, thereby raising the seller's credit level. Service messages such as the payment service instructions transmitted in this process clearly carry the risk of "generating false evaluations", so risk identification is required.
Disclosure of Invention
The embodiment of the application provides a method for identifying risks of service attributes, which is used for identifying whether risks exist in the service attributes.
The embodiment of the application also provides a device for risk identification of the service attribute, which is used for identifying whether the service attribute has risk.
The embodiment of the application adopts the following technical scheme:
A method for risk identification of service attributes, comprising:
acquiring risk service attribute clusters, where each risk service attribute cluster is composed of service attributes that have an association relationship, and a single risk service attribute cluster contains at least one service attribute already identified as risky; acquiring a service attribute to be identified; judging, by a distributed parallel computing method, whether any service attribute contained in the acquired risk service attribute clusters is the same as the service attribute to be identified; and, when the result is yes, determining that the service attribute to be identified is at risk.
An apparatus for risk identification of service attributes, comprising:
a risk service attribute cluster acquiring unit, configured to acquire the generated risk service attribute clusters, where each risk service attribute cluster is composed of service attributes that have an association relationship, and a single risk service attribute cluster contains at least one service attribute already identified as risky; a service attribute acquiring unit, configured to acquire the service attribute to be identified; and a risk identification unit, configured to judge, by a distributed parallel computing method, whether any service attribute contained in the acquired risk service attribute clusters is the same as the service attribute to be identified, and, when the result is yes, to determine that the service attribute to be identified is at risk.
At least one of the technical schemes adopted in the embodiments of the application can achieve the following beneficial effect:
Whether a service attribute is at risk is identified by judging whether any service attribute contained in the risk service attribute clusters is the same as the service attribute to be identified, and determining that the service attribute to be identified is at risk when the result is yes.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
Fig. 1 is a schematic flowchart of a specific implementation of a method for risk identification of a service attribute according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a risk service attribute cluster according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a risk service attribute cluster according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a risk service attribute cluster according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of a specific implementation of a method for risk identification of a payment service according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a connected subgraph according to an embodiment of the present application;
Fig. 7 is a schematic diagram of a connected subgraph according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an apparatus for risk identification of a service attribute according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Example 1
This embodiment provides a method for risk identification of service attributes, used to identify whether a service attribute is at risk. A flowchart of a specific implementation of the method is shown in Fig. 1; it mainly comprises the following steps:
Step 11, acquiring a risk service attribute cluster;
A risk service attribute cluster is a service attribute cluster (also called a service attribute set) formed by service attributes that have an association relationship. Because each acquired cluster contains at least one service attribute identified as risky, such a cluster is called a "risk service attribute cluster".
In this embodiment, service attributes are clustered under the rule "service attributes that have an association relationship are clustered into one class", yielding at least one service attribute cluster. Service attributes have an association relationship when at least one of the following conditions holds between them:
the different service attributes are obtained from the same service message;
the different service attributes are contained in service messages transmitted in the same service event (more than one service message may be transmitted in one service event); the service event may be any service event completed over the internet, such as a shopping service or a transfer service;
the similarity between the different service attributes is greater than a preset similarity threshold. For example, with Internet Protocol (IP) addresses as service attributes, if IP address 1 is 192.168.1.112 and IP address 2 is 192.168.1.115, both belong to the same network segment (192.168.1.110-192.168.1.120), and the similarity between IP address 1 and IP address 2 is said to be greater than the preset similarity threshold;
and so on.
In the embodiment of the present application, the service attribute for clustering may be obtained from a historical service message serving as a sample.
After the service attributes have been clustered, each service attribute cluster can be checked for whether it contains at least one service attribute identified as risky. For any service attribute cluster, if it is determined to contain at least one identified risky service attribute (for example, service attribute A), then, because service attribute A is associated with the cluster, the other service attributes in the cluster can be considered likely to be risky as well, and the cluster is referred to as a risk service attribute cluster.
Hereinafter, a single sample service attribute cluster to be risk-identified (hereinafter "the sample service attribute cluster") is taken as an example to describe how to determine whether it is a risk service attribute cluster by using the Bulk Synchronous Parallel computing model (BSP model) and the acquired risky sample service attributes:
First, a connected subgraph is constructed from the service attribute to be identified and the risk service attribute cluster, by assigning the service attributes to the nodes of the connected subgraph and using the association relationships between service attributes as the edges between nodes.
Then, according to the BSP model, the service attributes assigned to the nodes are transmitted among the nodes of the connected subgraph, so that each node, by comparing its own assigned service attribute with the service attributes it receives, judges whether any service attribute contained in the acquired risk service attribute clusters is the same as the service attribute to be identified. If the result is yes for at least one node that has been assigned a sample service attribute of the sample service attribute cluster, the sample service attribute cluster is determined to be a risk service attribute cluster.
For example, if node a1 shown in Fig. 2 determines that its assigned service attribute is the same as a sample service attribute identified as risky, the sample service attribute cluster shown in Fig. 2, in which node a1 is located, is determined to be a risk service attribute cluster.
In one embodiment, the generated risk business attribute cluster may be stored in a risk business attribute library, so that the generated risk business attribute cluster may be obtained from the risk business attribute library.
Step 12, acquiring a service attribute to be identified;
The service attribute to be identified may be, for example, a service attribute contained in a service message that is to be risk-identified. In this embodiment, the service message to be risk-identified can be obtained by capturing or intercepting it as it is transmitted over the internet, or by directly receiving a service message sent by another device.
For example, if the service message to be risk-identified is a payment service message generated when the user performs online shopping, the service attributes of the account information registered by the user, the service attribute of the MAC address used when the account is registered, the service attribute of the mailbox associated with the user account, the service attribute of the bank card number associated with the user account, and the like included in the payment service message are all the service attributes to be identified. For example, if the service message to be risk-identified is a service message generated when the user watches a movie on the internet, service attributes of the account information registered by the user, service attributes of a mailbox associated with the user account, service attributes of a webpage where the user watches the movie, and the like, which are included in the service message, are all service attributes to be identified.
Step 13, judging, by a distributed parallel computing method, whether any service attribute contained in the acquired risk service attribute clusters is the same as the service attribute to be identified.
When the result is yes, step 14 is executed; otherwise, it may be determined that the service attribute to be identified is not at risk, and the process ends.
Step 14, when the result is yes, determining that the service attribute to be identified is at risk.
The distributed parallel computing method is a method in which multiple computing devices, servers or storage devices connected over the internet perform computation synchronously. Using a distributed parallel computing method improves the efficiency of computation on data in a big data environment.
It should be noted that judging, by a distributed parallel computing method, whether any service attribute contained in the acquired risk service attribute clusters is the same as the service attribute to be identified includes: constructing a connected subgraph from the service attribute to be identified and the risk service attribute cluster, by assigning the service attributes to the nodes of the connected subgraph and using the association relationships between service attributes as the edges between nodes; and applying the distributed parallel computing method in the connected subgraph to judge whether any service attribute contained in the acquired risk service attribute clusters is the same as the service attribute to be identified.
In one embodiment, the distributed parallel computing method may be the BSP model. The service attributes can then be clustered through the BSP model to generate the risk service attribute clusters.
The BSP model is a parallel computing model proposed by the British computer scientist Valiant in the 1980s. It mainly comprises a group of processors (Processors), the computation performed by each processor (Local computation), and communication among the processors (Communication). The processors are parallel computing processes and correspond to multiple nodes in a cluster, and each node may host several processors; local computation is the computation of a single processor, and each processor may be assigned some nodes to compute on; communication is the exchange of messages among processors. The implementation principle of the BSP model is a relatively mature technology and is not repeated here.
Then, by using the BSP model in the connected subgraph, determining whether a service attribute identical to the service attribute to be identified exists in the service attributes included in each acquired risky service attribute cluster, including: and transmitting the service attributes respectively distributed by each node among the nodes of the connected subgraph according to the BSP model, so that each node judges whether the service attributes same as the service attributes to be identified exist in the service attributes contained in each acquired risk service attribute cluster by comparing whether the self-distributed service attributes are consistent with the received service attributes.
Based on the BSP model, the risk service attribute clusters are generated through the following substeps:
Substep 1, clustering the sample service attributes by using the BSP model to generate sample service attribute clusters;
A sample service attribute is a service attribute used for clustering, and may be obtained from historical service messages. It should be noted that different service attributes obtained from the service messages of the same service event are, by default, service attributes that have an association relationship with each other.
Each service attribute contained in each sample service message is assigned to a node of the BSP model. Each node holds its assigned service attribute (hereinafter the "main service attribute") and is also assigned the service attributes that by default have an association relationship with it (hereinafter the "auxiliary service attributes"). The main service attribute of each node is transmitted among the nodes of the BSP model, so that associated nodes are clustered into one cluster. It should be noted that the main service attribute is the one passed between nodes.
Suppose node 1 is assigned main service attribute a and auxiliary service attribute c, and node 3 is assigned main service attribute c and auxiliary service attribute a. Node 1 sends its main service attribute a to all other nodes. Because node 3 holds auxiliary service attribute a, node 3, on receiving main service attribute a from node 1, sends a notification to the master node, which uniformly manages the node relationships in the BSP model, so that the master node learns that node 1 and node 3 are associated with each other. Because the master node records these relationships, the association relationships between nodes in the BSP model can be obtained later by querying the master node.
For example, assume that node A is associated with node a1, node a2 and node a3, that node B is associated with node b1, node b2 and node b3, and that node ab is associated with node a1 and node b3, as shown in Fig. 2; the processing performed by the BSP model described above clusters these nodes into one cluster. For convenience of description, a node to which a service attribute is assigned is simply called a node; executing the above processing through the BSP model clusters the nodes into one cluster, that is, a service attribute cluster.
For convenience of description, the sample business attribute cluster generated by substep 1 will be referred to as a sample business attribute cluster to be risk identified hereinafter.
Substep 2, acquiring the sample service attributes identified as risky;
A sample service attribute identified as risky is generally a service attribute contained in a historical service message that was identified as risky.
For example, in a shopping payment service, if a user complaint establishes that, in the service message transmitted between the merchant server and the payment server, the MAC address used when the buyer registered the account is risky, then the payment service message can be determined to be risky, and each service attribute contained in the payment service message can be determined to be an identified risky sample service attribute.
In this embodiment, the sample service attributes identified as risky can be stored in a risk service attribute library to facilitate later lookup. In general, the risk service attribute library supports periodic or aperiodic updates.
Substep 3, determining the risk service attribute clusters from the sample service attribute clusters to be risk-identified by using the BSP model and the acquired sample service attributes identified as risky (hereinafter "risky sample service attributes").
The following describes how to determine whether a service attribute identical to a service attribute to be identified exists in service attributes included in a risk service attribute cluster by using a specific determination method, by taking a single risk service attribute cluster as an example:
First, each node is assigned a single service attribute (in this mode each node holds only one service attribute, so there is no distinction between main and auxiliary service attributes): each service attribute contained in the acquired risk service attribute cluster and each acquired service attribute to be identified is assigned to a node of a connected subgraph, and the connected subgraph is constructed from the service attributes to be identified and the risk service attribute cluster by using the association relationships between service attributes as the edges between nodes;
Then, according to the BSP model, the service attributes assigned to the nodes are transmitted among the nodes of the connected subgraph, so that each node, by comparing its own assigned service attribute with the service attributes it receives, judges whether any service attribute contained in the acquired risk service attribute clusters is the same as the service attribute to be identified. For each node that holds a service attribute to be identified and obtains a positive result, the service attribute to be identified held by that node is determined to be at risk.
Still taking a single risk service attribute cluster as an example, another way of determining whether a service attribute identical to a service attribute to be identified exists in the service attributes included in the risk service attribute cluster through a specific determination method is as follows:
First, each node is assigned a main service attribute and auxiliary service attributes: each service attribute contained in the acquired risk service attribute cluster and each acquired service attribute to be identified is assigned to a node of a connected subgraph, and the connected subgraph is constructed from the service attributes to be identified and the risk service attribute cluster by using the association relationships between service attributes as the edges between nodes;
Then, according to the BSP model, and using the message-passing mode in which a single node transmits its assigned service attribute to all other nodes, the main service attributes are sent between the nodes holding the service attributes to be identified and the nodes holding the service attributes of the acquired risk service attribute cluster. Each node compares each main service attribute it receives with its own main and auxiliary service attributes. Suppose the cluster in which node y is located is an acquired risk service attribute cluster, and the service attribute to be identified is assigned to node x. If the service attribute to be identified assigned to node x has an association relationship with the service attribute assigned to node y, it is determined that a service attribute the same as the service attribute to be identified exists among the service attributes contained in the risk service attribute cluster, and the service attribute to be identified can be determined to be at risk.
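An added example, not taken from the patent, of steps 11 to 14 and the cluster update described at the end of this embodiment: attributes that co-occur in a message are linked, clusters are computed in synchronized supersteps, and an incoming message is checked against the risk clusters. The minimum-label propagation used for clustering is a standard BSP connected-components technique assumed here in place of the broadcast-and-notify-master exchange described above; all names and sample data are constructed.

```python
from collections import defaultdict

# Constructed sample data: each historical service message is a set of
# (attribute type, value) pairs; attributes in one message are associated.
HISTORICAL_MESSAGES = [
    {("account", "buyer01"), ("mac", "00:11:22:33:44:55"), ("address", "1 Example Rd")},
    {("account", "buyer02"), ("mac", "00:11:22:33:44:55"), ("card", "card-A")},
    {("account", "buyer03"), ("address", "1 Example Rd")},
    {("account", "alice"), ("mac", "66:77:88:99:aa:bb"), ("card", "card-B")},
]
# Constructed: one attribute already identified as risky (e.g. via complaint).
KNOWN_RISKY = {("mac", "00:11:22:33:44:55")}


def build_graph(messages):
    """Nodes are attributes; edges link attributes seen in the same message."""
    edges = defaultdict(set)
    for msg in messages:
        for attr in msg:
            edges[attr] |= msg - {attr}
    return edges


def bsp_cluster(edges):
    """Connected components via min-label propagation in BSP supersteps."""
    label = {node: node for node in edges}   # every node starts as its own cluster
    inbox = {node: [] for node in edges}
    active = set(edges)                      # nodes whose label changed last round
    while active:
        # Communication: each active node sends its label to its neighbours.
        for node in active:
            for nbr in edges[node]:
                inbox[nbr].append(label[node])
        # Barrier reached: all messages delivered. Local computation follows.
        active = set()
        for node, msgs in inbox.items():
            if msgs and min(msgs) < label[node]:
                label[node] = min(msgs)
                active.add(node)
            msgs.clear()
    clusters = defaultdict(set)
    for node, lab in label.items():
        clusters[lab].add(node)
    return list(clusters.values())


class RiskIndex:
    """Hypothetical wrapper: holds the risk clusters and assesses new messages."""

    def __init__(self, messages, known_risky):
        self.messages = [set(m) for m in messages]
        self.known_risky = set(known_risky)
        self._rebuild()

    def _rebuild(self):
        # Step 11: a cluster is a risk cluster if it holds a known risky attribute.
        clusters = bsp_cluster(build_graph(self.messages))
        self.risk_clusters = [c for c in clusters if c & self.known_risky]

    def assess(self, message):
        """Steps 12-14: return the message's attributes found in a risk cluster."""
        hits = {a for a in message if any(a in c for c in self.risk_clusters)}
        if hits:
            # Update step: fold the flagged message into the graph so that its
            # previously unseen attributes join the risk cluster.
            self.messages.append(set(message))
            self._rebuild()
        return hits


if __name__ == "__main__":
    index = RiskIndex(HISTORICAL_MESSAGES, KNOWN_RISKY)
    new_msg = {("account", "buyer04"), ("address", "1 Example Rd"), ("card", "card-C")}
    print("flagged:", index.assess(new_msg))
    print("flagged:", index.assess({("account", "buyer05"), ("card", "card-C")}))
    print("flagged:", index.assess({("account", "alice"), ("card", "card-B")}))
```

Because membership is transitive, an attribute shared by unrelated users (a shared delivery address or a common IP address, for instance) pulls all of them into the same risk cluster, so a hit is best treated as the trigger for one of the predetermined operations rather than as proof of fraud.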
It should be noted that, in order to avoid a risk accident, in one embodiment some predetermined operation may be performed when it is determined that the service attribute to be identified is at risk. Taking a server as an example of the execution subject of the method shown in fig. 1 and of the predetermined operation, the predetermined operation that the server can execute includes at least one of the following operations:
1. Intercepting a service message containing the service attribute.
For example, assume that when a user performs an online transaction, a receiving address included in the generated payment service message is identified as a risk service attribute. When the merchant server again sends a payment service message including that receiving address to the payment server to request payment, the payment server may intercept the payment service message, thereby rejecting the transaction.
2. Modifying the service message.
For example, assume that when a user watches a video on the internet, the website address of the video website included in the generated service message is identified as a risk service attribute. When the user sends the service message to the server to request access to the video website, the server modifies the website address of the video website included in the service message, so that the user can access the video website safely and normally.
3. Discarding the service message.
4. Sending a risk warning message.
It should be further noted that, so that the risk service attribute cluster can identify more comprehensively whether a service attribute to be identified is at risk, in one implementation manner the method provided in the embodiment of the present application further includes: when it is judged that the service attributes contained in the acquired risk service attribute clusters include a service attribute identical to the service attribute to be identified, updating the connected subgraph to be updated according to the service attribute to be identified. Updating the risk service attribute cluster with the service attribute that was found to be at risk enriches the risky service attributes contained in the cluster, so that more risky service attributes can subsequently be identified with the updated risk service attribute cluster.
For example, assume that the obtained risk service attribute cluster is as shown in fig. 3, that the service attribute allocated to node E is a service attribute to be identified, and that this service attribute is the same as the service attribute allocated to node D3, so that the service attribute to be identified is determined to be at risk. Node E, where the service attribute to be identified is located, is then merged into the risk service attribute cluster, and an updated risk service attribute cluster is generated. The updated risk service attribute cluster is shown in fig. 4.
In an implementation manner, an embodiment of the present application further provides a naming rule of the risk service attribute cluster, so as to name the risk service attribute cluster acquired in step 11 and the updated risk service attribute cluster, so that both the risk service attribute cluster and the updated risk service attribute cluster have globally unique names.
The specific rule for naming the risk service attribute cluster acquired in step 11 is as follows: among all the nodes that make up the risk service attribute cluster, the name of the node to which the most service attribute information is allocated is used as the name of the risk service attribute cluster. Note that the name of a node is represented by "current system time + node ID".
The specific rule for naming the updated risk service attribute cluster is as follows: the name of the cluster that had the largest number of nodes before merging is used as the name of the updated risk service attribute cluster. For example, assuming that the original risk service attribute cluster includes 10 nodes and the service attribute cluster merged with it includes 5 nodes, the name of the original risk service attribute cluster is used as the name of the updated risk service attribute cluster.
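The update and naming rules above can be written down directly. The following is an added illustration, not code from the patent: the cluster layout (cluster name mapped to node name mapped to attribute set), the timestamp format, the tie-breaking choices and the sample values are assumptions.

```python
import time


def node_name(node_id, now=None):
    # Rule from the text: node name = current system time + node ID.
    # The timestamp format is an assumption; the text does not fix one.
    return time.strftime("%Y%m%d%H%M%S", time.gmtime(now)) + node_id


def initial_cluster_name(nodes):
    """nodes: {node name: set of attributes}. The cluster takes the name of the
    node holding the most attribute information (ties: smallest name, assumed)."""
    return max(sorted(nodes), key=lambda name: len(nodes[name]))


def merge_clusters(clusters, names):
    """Merge the named clusters in place. The merged cluster keeps the name of the
    cluster that had the most nodes before merging (ties: first listed, assumed)."""
    keep = max(names, key=lambda name: len(clusters[name]))
    merged = {}
    for name in names:
        merged.update(clusters.pop(name))
    clusters[keep] = merged
    return keep


def update_clusters(clusters, cand_name, cand_attrs):
    """If the candidate node shares an attribute with any risk cluster, merge it in.
    A candidate that matches several clusters bridges them into one."""
    cand_attrs = set(cand_attrs)
    matched = [name for name, nodes in clusters.items()
               if any(cand_attrs & attrs for attrs in nodes.values())]
    if not matched:
        return None                       # no risk found, clusters stay unchanged
    clusters[cand_name] = {cand_name: cand_attrs}
    return merge_clusters(clusters, matched + [cand_name])


def sample_clusters():
    """Constructed sample: two risk clusters with short placeholder node names."""
    a = {"T-D1": {"USERID-1", "Email-1"},
         "T-D2": {"CC-1"},
         "T-D3": {"receiving address-1", "UMID-1", "DFprint-1"}}
    b = {"T-H1": {"USERID-4"},
         "T-H2": {"CC-3", "Email-3"}}
    return {initial_cluster_name(a): a, initial_cluster_name(b): b}


if __name__ == "__main__":
    clusters = sample_clusters()
    print(sorted(clusters))                                    # initial cluster names
    print(update_clusters(clusters, "T-E", {"UMID-1", "CC-3"}))  # bridges both clusters
    print({name: len(nodes) for name, nodes in clusters.items()})
```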
In the prior art, service attributes to be identified are often classified with a traditional clustering algorithm (such as the k-means clustering algorithm): over multiple iterations, the similarity between the service attributes to be identified and the cluster centers obtained by clustering sample service attributes is calculated, so as to classify the service attributes to be identified. Because the current internet environment is trending toward big data, the existing method cannot complete the multiple iterative computations in a short time, so the classification efficiency for the service attributes to be identified is low. With the method provided in embodiment 1 of the present application, the BSP model is used to determine whether the service attributes included in the acquired risk service attribute clusters contain a service attribute identical to the service attribute to be identified, and when the determination result is yes, it is determined that the service attribute to be identified is at risk, so that the service attributes to be identified can be classified quickly and conveniently.
It should be noted that the execution subjects of the steps of the method provided in embodiment 1 may be the same device, or different devices may be used as the execution subjects of the method. For example, the execution subject of steps 11 and 12 may be device 1, and the execution subject of step 13 may be device 2; for another example, the execution subject of step 11 may be device 1, and the execution subjects of step 12 and step 13 may be device 2; and so on.
Example 2
The embodiment of the application provides a method for identifying risks of a payment service, which is used for identifying whether the payment service has risks. The specific implementation flow diagram of the method is shown in fig. 5, and mainly comprises the following steps:
Step 21, acquiring the generated risk payment service attribute cluster.
The risk payment service attribute cluster is generated by clustering risk payment service attribute samples with the BSP model.
A risk payment service attribute sample is a service attribute contained in a service message, acquired from a database, in which a risky payment operation occurred.
It should be noted that, with the BSP model, the embodiment of the present application may convert the service attributes contained in payment service messages into a connected subgraph similar to that shown in fig. 6 for calculation. The service attributes, such as USERID (USERID-1 to USERID-4 in fig. 6), Email (Email-1 to Email-3 in fig. 6), CreditCard (CC-1 to CC-3 in fig. 6), receiving address (receiving address-1 to receiving address-2 in fig. 6), UMID (UMID-1 to UMID-3 in fig. 6) and DFprint (DFprint-1 to DFprint-2 in fig. 6), are abstracted into nodes of the connected subgraph, and nodes abstracted from service attributes that have an association relation (such as login, registration or payment) are connected by straight lines.
For example, assume that in the registration service the service attribute associated with the service attribute USERID-1 is MAC2, and that in the transaction service the service attribute associated with USERID-1 is receiving address-3. The service attributes USERID-1, MAC2 and receiving address-3 can be abstracted into nodes of a connected subgraph in the manner described above, and a connected subgraph as shown in fig. 7 can be generated from the associations among these three service attributes. The association relations among the service attributes USERID-1, MAC2 and receiving address-3 are shown in the following table.
Main body 1 | Main body 2 | Type of association | Number of associations
USERID-1 | MAC2 | Registration | 1
USERID-1 | receiving address-3 | Payment | 1
Step 22, intercepting the service message of the risk to be identified, and obtaining the payment service attribute to be identified from the service message.
For example, the obtained payment service attributes may include at least one of the following service attributes:
a shipping address, a MAC address when registering an account, an account associated mailbox, an account associated mobile phone number, and an account associated bank card, among others.
Step 23, judging whether the service attributes contained in the acquired risk service attribute cluster include a service attribute identical to the service attribute to be identified. When the judgment result is yes, step 24 is executed; when the judgment result is no, step 25 is executed.
For the specific implementation of the determination process in step 23, reference may be made to the specific implementation of step 13 in embodiment 1, which is not described here again.
Step 24, executing a specific operation on the service attribute judged to be at risk.
The specific operation may be intercepting a service message including the service attribute, modifying the service message, discarding the service message, or the like.
Step 25, releasing the intercepted service message whose risk was to be identified.
By the method provided in embodiment 2 of the present application, the service attribute in the service message to be identified is compared with the acquired risky service attribute cluster, whether the service attribute identical to the service attribute to be identified exists in the service attributes included in the acquired risky service attribute clusters is determined, and the service attribute whose determination result is yes is determined as the risky service attribute, so that the purpose of performing risk identification on the payment service is achieved.
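Steps 21 to 25 can be traced end to end on association records shaped like the table above. The following is an added illustration, not code from the patent: the records beyond the two table rows, the set of known risky attributes, the message field names and the use of minimum-label propagation as the BSP clustering step are assumptions, and the step 23 check is reduced to a set intersection (the BSP form of that check belongs to embodiment 1).

```python
from collections import defaultdict

# Constructed association records (main body 1, main body 2, type, count).
# The first two rows are the ones in the table above; the rest are made up.
ASSOCIATIONS = [
    ("USERID-1", "MAC2", "Registration", 1),
    ("USERID-1", "receiving address-3", "Payment", 1),
    ("USERID-2", "CC-1", "Payment", 2),
    ("CC-1", "Email-2", "Registration", 1),
    ("USERID-3", "Email-3", "Login", 4),
]
KNOWN_RISKY = {"receiving address-3"}   # constructed: attributes already identified as risky


def build_graph(records):
    """Attributes become nodes; every association record becomes an undirected edge."""
    graph = defaultdict(set)
    for a, b, _kind, _count in records:
        graph[a].add(b)
        graph[b].add(a)
    return graph


def bsp_cluster(graph):
    """Cluster by connected component with minimum-label propagation in supersteps."""
    label = {v: v for v in graph}
    changed = set(graph)                   # nodes that must announce their label
    supersteps = 0
    while changed:
        inbox = defaultdict(list)
        for v in changed:                  # communication phase
            for neighbour in graph[v]:
                inbox[neighbour].append(label[v])
        changed = set()                    # barrier, then local computation
        for v, received in inbox.items():
            best = min(received)
            if best < label[v]:
                label[v] = best
                changed.add(v)
        supersteps += 1
    clusters = defaultdict(set)
    for v, name in label.items():
        clusters[name].add(v)              # the label doubles as a placeholder cluster name
    return dict(clusters), supersteps


def risk_clusters(clusters, known_risky):
    """Step 21: keep clusters that contain at least one identified risky attribute."""
    return {name: members for name, members in clusters.items() if members & known_risky}


def handle_message(message, risky,
                   fields=("userid", "mac", "receiving_address", "email", "bank_card")):
    """Steps 22 to 25: extract attributes, compare with risk clusters, intercept or release."""
    attrs = {message[f] for f in fields if message.get(f)}
    for name, members in risky.items():
        hit = attrs & members
        if hit:
            return {"action": "intercept", "cluster": name, "matched": sorted(hit)}
    return {"action": "release", "cluster": None, "matched": []}


if __name__ == "__main__":
    clusters, steps = bsp_cluster(build_graph(ASSOCIATIONS))
    risky = risk_clusters(clusters, KNOWN_RISKY)
    msg = {"userid": "USERID-9", "mac": "MAC2", "receiving_address": "receiving address-7"}
    print(steps, sorted(risky), handle_message(msg, risky))
```

The sample message is intercepted because of MAC2, which was never flagged itself but sits in the same cluster as the risky receiving address.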
Example 3
The embodiment of the application provides a device for risk identification of a service attribute, which is used for identifying whether the service attribute has a risk. The specific structural diagram of the apparatus is shown in fig. 8, and includes a risk service attribute cluster obtaining unit 31, a service attribute to be identified obtaining unit 32, and a risk identifying unit 33.
The risk service attribute cluster acquiring unit 31 is configured to acquire a risk service attribute cluster; the risk service attribute cluster is composed of service attributes with incidence relation, and a single risk service attribute cluster at least comprises one identified service attribute with risk;
a service attribute acquiring unit 32 to be identified, configured to acquire a service attribute to be identified;
the risk identification unit 33 is configured to determine, by using a distributed parallel computing method, whether a service attribute that is the same as a service attribute to be identified exists in the service attributes included in each acquired risk service attribute cluster; and when the judgment result is yes, determining that the service attribute to be identified has risk.
In one embodiment, the risk identification unit is configured to: establishing a connected subgraph according to the service attribute to be identified and the risk service attribute cluster in a mode that the service attribute is distributed to the nodes of the connected subgraph and the incidence relation between the service attributes is used as the edges between the nodes; and judging whether the service attributes contained in each acquired risk service attribute cluster have the service attributes same as the service attributes to be identified or not by adopting a distributed parallel computing method in the connected subgraph.
In one embodiment, the risk identification unit is configured to: and transmitting the service attributes respectively distributed by each node among the nodes of the connected subgraph according to the BSP model, so that each node judges whether the service attributes same as the service attributes to be identified exist in the service attributes contained in each acquired risk service attribute cluster by comparing whether the self-distributed service attributes are consistent with the received service attributes.
In one embodiment, the risk service attribute cluster forms a connected subgraph to be updated, and the device further comprises a risk service attribute cluster updating unit, configured to: when the risk identification unit judges that the service attributes contained in the acquired risk service attribute clusters include a service attribute identical to the service attribute to be identified, update the connected subgraph to be updated according to the service attribute to be identified.
In one embodiment, the apparatus further comprises: the risk processing unit is used for executing at least one of the following operations after the risk identification unit determines that the service attribute to be identified has a risk: intercepting other service messages containing the service attributes; modifying the service message; discarding the service message; and sending a risk warning message.
In an embodiment, the to-be-identified service attribute obtaining unit is specifically configured to: obtaining a service message; and acquiring the service attribute to be identified from the acquired service message.
By adopting the device provided in embodiment 3 of the present application, the risk identification unit compares the service attribute contained in the risk service attribute cluster acquired by the risk service attribute cluster acquisition unit with the service attribute to be identified acquired by the service attribute to be identified acquisition unit, determines whether the service attribute identical to the service attribute to be identified exists in the service attributes contained in the acquired risk service attribute cluster, and determines the service attribute with the yes determination result as the risk service attribute, thereby achieving the purpose of performing risk identification on the service attribute.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (8)

1. A method for risk identification of business attributes, comprising:
acquiring a risk service attribute cluster; the risk service attribute cluster is composed of service attributes with incidence relation, and a single risk service attribute cluster at least comprises one identified service attribute with risk, wherein the service attribute refers to the related attribute specified by a service layer;
acquiring a service attribute to be identified;
through a distributed parallel computing method, judging whether the service attributes contained in each acquired risk service attribute cluster have the service attributes same as the service attributes to be identified, including: establishing a connected subgraph according to the service attribute to be identified and the risk service attribute cluster in a mode that the service attribute is distributed to the nodes of the connected subgraph and the incidence relation between the service attributes is used as the edges between the nodes; according to the BSP model, transmitting the service attributes respectively distributed by each node among the nodes of the connected subgraph, so that each node judges whether the service attributes same as the service attributes to be identified exist in the service attributes contained in each acquired risk service attribute cluster by comparing whether the self-distributed service attributes are consistent with the received service attributes;
and when the judgment result is yes, determining that the service attribute to be identified has risk.
2. The method of claim 1, wherein the risk service attribute cluster constitutes a connected subgraph to be updated; and
after judging whether the service attribute which is the same as the service attribute to be identified exists in the service attributes contained in each acquired risk service attribute cluster, the method further comprises:
when it is judged that the service attributes contained in each acquired risk service attribute cluster include a service attribute which is the same as the service attribute to be identified, updating the connected subgraph to be updated according to the service attribute to be identified.
3. The method of claim 1, wherein the method further comprises:
when determining that the service attribute to be identified is at risk, performing at least one of the following operations:
intercepting other service messages containing the service attributes;
modifying the service message;
discarding the service message;
and sending a risk warning message.
4. The method according to any of claims 1 to 3, wherein the obtaining of the service attribute to be identified comprises:
obtaining a service message;
and acquiring the service attribute to be identified from the acquired service message.
5. An apparatus for risk identification of business attributes, comprising:
a risk service attribute cluster obtaining unit, configured to obtain a risk service attribute cluster; the risk service attribute cluster is composed of service attributes with incidence relation, and a single risk service attribute cluster at least comprises one identified service attribute with risk, wherein the service attribute refers to the related attribute specified by a service layer;
the service attribute acquiring unit is used for acquiring the service attribute to be identified;
the risk identification unit is used for judging whether the service attributes contained in the acquired risk service attribute clusters have the service attributes which are the same as the service attributes to be identified or not through a distributed parallel computing method; if so, determining that the service attribute to be identified has a risk, including: establishing a connected subgraph according to the service attribute to be identified and the risk service attribute cluster in a mode that the service attribute is distributed to the nodes of the connected subgraph and the incidence relation between the service attributes is used as the edges between the nodes; and transmitting the service attributes respectively distributed by each node among the nodes of the connected subgraph according to the BSP model, so that each node judges whether the service attributes same as the service attributes to be identified exist in the service attributes contained in each acquired risk service attribute cluster by comparing whether the self-distributed service attributes are consistent with the received service attributes.
6. The apparatus of claim 5, wherein the risk service attribute cluster constitutes a connected subgraph to be updated; and
the apparatus further comprises:
a risk service attribute cluster updating unit, configured to:
when the risk identification unit judges that the service attributes contained in each acquired risk service attribute cluster include a service attribute which is the same as the service attribute to be identified, update the connected subgraph to be updated according to the service attribute to be identified.
7. The apparatus of claim 5, wherein the apparatus further comprises:
the risk processing unit is used for executing at least one of the following operations after the risk identification unit determines that the service attribute to be identified has a risk:
intercepting other service messages containing the service attributes;
modifying the service message;
discarding the service message;
and sending a risk warning message.
8. The apparatus according to any one of claims 5 to 7, wherein the service attribute acquiring unit to be identified is specifically configured to:
obtaining a service message;
and acquiring the service attribute to be identified from the acquired service message.
CN201510587147.XA 2015-09-15 2015-09-15 Method and device for risk identification of business attributes Active CN106529953B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510587147.XA CN106529953B (en) 2015-09-15 2015-09-15 Method and device for risk identification of business attributes

Publications (2)

Publication Number Publication Date
CN106529953A CN106529953A (en) 2017-03-22
CN106529953B true CN106529953B (en) 2020-07-31

Family

ID=58348697

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510587147.XA Active CN106529953B (en) 2015-09-15 2015-09-15 Method and device for risk identification of business attributes

Country Status (1)

Country Link
CN (1) CN106529953B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107679856B (en) * 2017-09-15 2021-05-18 创新先进技术有限公司 Transaction-based service control method and device
CN107911232B (en) * 2017-10-27 2021-04-30 绿盟科技集团股份有限公司 Method and device for determining business operation rule
CN109191226B (en) * 2018-06-29 2021-10-12 创新先进技术有限公司 Risk control method and device
CN109919626B (en) * 2019-03-11 2023-04-07 中国银联股份有限公司 High-risk bank card identification method and device
CN110033170B (en) * 2019-03-14 2022-06-03 创新先进技术有限公司 Method and device for identifying risky merchants
CN111611345B (en) * 2020-05-06 2023-04-07 支付宝(杭州)信息技术有限公司 Illegal object identification method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101136758A (en) * 2007-07-20 2008-03-05 南京联创科技股份有限公司 Application method for online accounting system in owing risk control system
CN103841130A (en) * 2012-11-21 2014-06-04 深圳市腾讯计算机系统有限公司 Verification information pushing method and device, and identity authentication method and device
CN104660636A (en) * 2013-11-20 2015-05-27 华为技术有限公司 Peer-to-peer application identification processing method and peer-to-peer application identification processing device

Also Published As

Publication number Publication date
CN106529953A (en) 2017-03-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200923

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200923

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.